A security flaw has been detected in Facebook that was used to generate millions of fake likes and comments on both real and fake accounts. LUMS Researcher Reveals Facebook Security Flaw that Allows Millions of Fake Likes.
Working with a computer scientist at Facebook and one in Lahore, Pakistan, the team found more than 50 sites offering free, fake “likes” for users’ posts in exchange for access to their accounts, which were used to falsely “like” other sites in turn.
Researchers at the University of Iowa in the US and LUMS in Pakistan revealed a thriving ecosystem of large-scale reputation manipulation services on Facebook that leverage the principle of collusion. The researchers said that dozens of sites operate collusion networks, which automatically generate likes for users for free. So far the researchers have found 50 networks; however, they believe that many more may exist.
The networks exploit code known as OAuth, which lets third-party applications such as Spotify, iMovie and the PlayStation Network access Facebook accounts for anywhere from a few hours to months.
The researchers also said that this flaw can be used for darker purposes than just gathering extra likes.
The researchers said:
“In addition to reputation manipulation, attackers can launch other serious attacks using leaked access tokens. For example, attackers can steal personal information of collusion network members as well as exploit their social graph to propagate malware,”
After this research, Facebook blocked all the collusion networks.
A Facebook spokesperson said:
“We have addressed the activity described in this research and we are no longer seeing it on our platform,”